Tracking The Sandbox’s Blockchain Economy Through Nearly 5 Million Transactions

Written by cryptanalyze | Published 2026/03/11
Tech Story Tags: gamefi | the-sandbox | ethereum-gamefi | sand-token | blockchain-network-analysis | crypto-whales-behavior | decentralized-gaming-economy | gamefi-research

TLDRThis study analyzes nearly 5 million Ethereum transactions tied to The Sandbox to understand how the GameFi ecosystem behaves on-chain. Using network graph analysis and the Bow-Tie model, the research examines how users, whales, brand partnerships, and scandals influence transaction activity and network structure. By tracking transaction flows, value transfers, and whale behavior across different network partitions, the analysis reveals how external events shape participation and economic activity within The Sandbox metaverse.via the TL;DR App

Table of Contents

The Data

A. Transaction Graph

We have gathered transaction data from Etherscan for our analysis of The Sandbox. This transaction data consists of all transactions involving any of the contracts created by The Sandbox Deployer4 and The Sandbox Deployer 25 addresses on the Ethereum blockchain. This includes normal, token, NFT, multi-token, and internal transactions as defined by Ethereum and Etherscan. This is to say that we have collected every transaction related to The Sandbox. Therefore, this includes any transactions involving SAND, LAND, or ASSETs. The data spans from October 10, 2019, to October 26, 2023, so it covers most of The Sandbox’s lifespan up to this point. In total, we have 4,948,956 transactions involving 659,248 addresses. We use the from, to, contractAddress, timestamp, and value parameters of the data collected. The from parameter holds the address that sent the transaction, while the to parameter holds the address the transaction was targeted at. Sometimes, the to parameter is empty, so, in those cases, we use the contractAddress parameter instead, which holds the address of the contract invoked in the transaction. The timestamp parameter holds when the transaction was sent, and the value parameter holds the amount of Ethereum sent in the transaction.

To find potential vulnerabilities within The Sandbox’s codebase, we also gathered GitHub issue data on all of The Sandbox’s repositories. However, there are only 14 with a collective two issues, which do not raise any concerns with The Sandbox’s code. One asks a question, and the other answers a question found in the comments of one of the repository’s files. The Sandbox also scored a high AA on their CertiK audit [6], so it is fairly safe to say that The Sandbox’s code does not have many if any, security risks by current standards. Thus, this data bears no fruit.

B. Bow-tie Model

To start, we create a directed network from our transaction data where the nodes represent addresses, and the edges are the transactions from and to each other. Then, we split this network into the Bow-tie Model to further analyze its underlying graph structure [7]. The Bow-tie model comprises several groups: SCC, IN, OUT, TUBES, TENDRILS IN, TENDRILS OUT, and OTHER. The SCC, the strongly connected component, is the collection of nodes in the graph that interact with each other. The IN group is the collection of nodes that interact with the SCC but do not have the SCC interact with them. The OUT group consists of the nodes that are interacted with by the SCC but do not interact with the SCC. The TUBES are a series of nodes that connect the IN group to the OUT group. The TENDRILS IN are nodes that are interacted with by the IN group but are disconnected from the SCC and OUT groups. The TENDRILS OUT are nodes that interact with the OUT group but are disconnected from the SCC and IN groups. The OTHER nodes are just those that do not fit into any of these categories [7]. Separating the network into these partitions shows the differences between their activity levels at any given time. This helps us identify how these different groups reacted to different events and whether those reactions were positive or negative. We will also be able to better analyze the graph’s structure as we will have similarly behaving addresses grouped for closer analysis.

Separating the network into these partitions shows the differences between their activity levels at any given time. This helps us identify how these different groups reacted to different events and whether those reactions were positive or negative. We will also be able to better analyze the graph’s structure as we will have similarly behaving addresses grouped for closer analysis.

C. The Sandbox Support

A point of interest for The Sandbox is the outside support it receives from traditional brands. The brands from which The Sandbox has received support vary greatly in their fields. Some of the support has come from traditional video game companies such as Square Enix with Dungeon Siege [8], Ubisoft with Rabbids [9], Skybound Entertainment with The Walking Dead (also a comic book and TV show) [10], Atari [11], and ZEPETO [12]. They have also received support from several music artists such as Snoop Dogg [13], deadmau5 [14], Steve Aoki [15], and the Warner Music Group [16]. Adidas [17] and Gucci Vault [18] also provided support as fashion brands, and the Smurfs [19] and Care Bears [20] were present as well as Cartoon Brands. We chose these brands as our points of interest as these are the brands that The Sandbox consistently points to when discussing companies that are invested in The Sandbox.

D. The Sandbox Scandals

On the other end of support are the scandals that The Sandbox has faced. As discussed in the data section, The Sandbox has a relatively good record compared to its competitors, so it lacks scandals related to The Sandbox code itself. But there are a few related scandals we will analyze. The first scandal we looked at was the Ronin hack mentioned above. While this hack did not directly involve The Sandbox, it did affect the value of SAND [21], so it is worth investigating the activity level after it occurred. The next scandal we looked at involved an employee’s work computer being hacked and used to send phishing emails to Sandbox users whose emails the computer had access to [22]. While this event did not involve a vulnerability in The Sandbox’s code, it reflected poorly on the company’s security standards so that it could have alerted some users to action. Another similar scandal involved the CEO’s Twitter being hacked and used to post a crypto scam [23]. Again, this did not directly involve the security of The Sandbox, but it reflects poorly upon its parent company. The last scandal we looked at was the recent United States Securities and Exchanges Commission (SEC) hearing where SAND was labeled an unregistered security [24]. While The Sandbox has claimed that they disagree with this claim [25], this is still a significant event that affected the outlook of GameFi as a whole, so looking at how this affected the transaction data is worthwhile.

E. Whales

With our transaction data, we also look at the SAND whales of The Sandbox. Whales, in the context of cryptocurrency, are addresses that hold a substantial amount of cryptocurrency. This paper defines a whale as an address that has received a net amount of SAND worth at least 1e22 Wei or 10,000 Eth. By identifying these whales, we get insight into the number of whales involved in The Sandbox and their reactions to these events. We also identify the change in whales over time and which sections of the bow-tie model they fit into.

Methodology

As discussed in sections III-C and III-D, The Sandbox has received support from several traditional brands and has faced several scandals over time, but the impact of these events on The Sandbox’s success is unclear. Thus, we aim to analyze this impact using our transaction data. By looking at the dates these collaborations were released, we see if they resulted in increased or decreased transactions. Specifically, we look at the 30 days before and after the events to identify any spikes and changes in patterns surrounding the events. We also looked at the total value of these transactions in the same 61-day period to see if these events affected the volume of value sent.

We also use our bow-tie model to analyze the effects of these events on the different partitions we made to see how the different groups react to each event. With these separate groups, we can see how these events affected activity among different types of users in The Sandbox and if there were any significant shifts in the graph’s structure. We analyze the shifting structure of the transaction graph by calculating the bow-tie partitions before and after these events to see how they affected their sizes and, thus, the graph’s structure. We also specifically look at where these moving addresses are coming from, whether they are newly introduced to the graph or shifted from another partition.

With the whales discussed in section III-E, we perform a similar analysis with the Bow-tie model and these events to see how the overall patterns of the network compare to the patterns of just the transactions involving the whales. Also, by looking at the changing amount of SAND held by different addresses over time, we identified if there were whales that bailed on SAND and thus stopped being whales and whether their transaction patterns revealed anything about the graph. Also, as mentioned previously, we identify which categories within the Bow-tie model these whales exist within and discuss the implications of those classifications. In addition, we use the average degree of the network and the whales as a point of analysis.

Authors:

  1. Fernando Spade
  2. Oshani Seneviratne

This paper is available on arxiv under CC by 4.0 Deed (Attribution 4.0 International) license.

Written by cryptanalyze | Cryptanalyze, crack the code.
Published by HackerNoon on 2026/03/11
ABOUTHow hackers start their afternoons. We publish tech stories and build publishing software.

READEntirely free library read by hundreds of millions to learn anything about any technology.

WRITEHackerNoon elevates quality technology writing far and wide across the interwebs.

PARTNERHackerNoon works directly with tech companies to place ads by content relevancy